ToddyCat claws at Asian governments

Plus, Yodel gets hacked and Microsoft puts the kibosh on AI that reads emotion.

Researchers are monitoring an advanced persistent threat (APT) codenamed ToddyCat that has been linked to attacks on government and military entities in Europe and Asia since at least December 2020. Using an unknown exploit to deploy the Chopper web shell, the group targets Microsoft Exchange servers to activate a multistage infection change ultimately leading to Samurai, a backdoor that allows the attackers to move laterally within the compromised network.

It is unclear if this operation is connected to a similar APT Avast was tracking a couple years ago, which also attacked the same kinds of targets but used Gh0st RAT to install its backdoors. “This seems to be a nation-state sponsored attack, due to the nature of the targeted victims and the complexity of the attack chain,” commented Avast Security Evangelist Luis Corrons. “Although there is evidence that points to the possible country behind this attack, attribution requires more indicators. It is still too early to have a final answer.” For more on this story, see The Hacker News

Yodel tracking system down due to hack

Delivery company Yodel is continuing to convey parcels to clients, but customers can not track their packages due to what the company calls a “cyber incident.” Yodel did not expound on what kind of cyber incident it experienced, but the issue seems also to be causing service delays. "As soon as we detected the incident, we launched an investigation, led by our internal IT division and supported by an external IT forensics group,” a Yodel spokesperson told ZDNet. “We are working to restore tracking as quickly as we can and have engaged with all relevant authorities," they added.

Microsoft retires emotion recognition AI 

In a move intended as a “meaningful update to its Responsible AI Standard,” Microsoft has announced that it will be retiring its research into facial analysis capabilities that purport to infer emotional states and identity attributes such as gender, age, smiles, hair, facial hair, and makeup. “These efforts raised important questions about privacy,” Azure AI Principal Group Project Manager Sarah Bird wrote in the announcement. She also said the capability to predict sensitive attributes could open up a wide range of abuses “including subjecting people to stereotyping, discrimination, or unfair denial of services.” For more on this, see Engadget

Exploit allows ransomware attack on OneDrive and SharePoint

Security researchers have discovered a way in which attackers could encrypt documents stored on OneDrive or SharePoint. The cloud ransomware attack chain relies on abusing the document versioning settings that are part of the Office 365 and Microsoft 365 cloud offerings. By default, documents on OneDrive or SharePoint can have up to 500 versions, but that number is configurable by the user. If an attacker gets in (through phishing or some other means of infection), they could reduce the number of versions accessible to the user down to one, and then the attacker could encrypt that one version. For more explanation on this proof-of-concept, see CSO Online

Almost 70,000 patient records exposed in Kaiser breach

On June 3, health plan provider Kaiser Permanente disclosed a data breach that involved 69,589 patient records, including names, dates of service, medical record numbers, and lab test results. According to the company, credit card numbers and social security numbers were not exposed. “On April 5, 2022, Kaiser Permanente discovered that an unauthorized party gained access to an employee’s emails. We terminated the unauthorized access within hours after it began,” the healthcare provider wrote in its statement. It is unclear why the company waited two months to report the breach. “While we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility,” the company added. For more, see TechCrunch

This week’s must-read on the Avast blog 

Vishing scams that use voice and voicemail to target victims are becoming more prominent. Interpol is cracking down, but you still need to protect yourself.

--> -->